Solved

Disallow RDP access to certain accounts which are part of Domain Admins

Posted on 2013-11-10
4
368 Views
Last Modified: 2014-02-26
Hi,

We have several 100 servers and we have few accounts used as a service account on these servers.  It is a requirement by the application for these service accounts to be member of Domain Admins Group.

I would like to prevent some of the service accounts RDP access on all our servers.  What is the quickest way of accomplishing this?  Can I do something on the user level like Deny RDP Access etc.??

Help please.
0
Comment
Question by:fais79
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
You can do this via GPO. Remember that this change can be reverted back with this account as it is a domain admin account.

Not recommend but can be done via GPO.

Deny RDP access - http://technet.microsoft.com/en-us/library/cc737453(WS.10).aspx

Will.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
Comment Utility
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Before we leave it unquestioned... :)
Why would you need to have those accounts setup as domain admins? Normally, you would use service accounts and assign/delegate just some privileges to them and not the whole lot.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Please respond or finalize it, this question is growing old :)
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now